ENCRYPT Act, Comey testimony show stark differences toward encryption

A pair of Congressmen introduced legislation designed to effectively ban state and local governments from mandating decryption.

The stark differences in the two sides of the encryption debate were on full display this week as the Federal Bureau of Investigation (FBI) director repeated his “encryption thwarts law enforcement” mantra before a Senate committee and a pair of Congressmen introduced legislation designed to effectively ban state and local governments from mandating decryption.

A day after FBI Director James Comey told the Senate Intelligence Committee that an encrypted smartphone was hampering the Bureau's investigation of the San Bernadino terrorists, a bipartisan set of Democratic and Republican members of Congress, including Reps. Ted Lieu (D.-Calif) and Blake Farenthold (R-Texas) unleashed a bill, the Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act of 2016, that would preempt states' data security vulnerability mandates and decryption requirements.

“A patchwork of 50 different encryption standards is a recipe for disaster that would create new security vulnerabilities, threaten individual privacy and undermine the competitiveness of American innovators,” Lieu said in a release. “It is bad for law enforcement, bad for technology users, and bad for American technology companies.”

The Congressman, who has distinguished himself as a champion of privacy and is one of the few members of Congress with a computer science degree, stressed that “national issues require national responses” and that the bill he and Farenthold introduced “makes sure that this conversation happens in a place that does not disrupt interstate commerce.”

Farenthold echoed Lieu's sentiment, calling for “a unified approach to this issue that both protects security and privacy while enabling law enforcement to keep us safe.”

While authorities may find national legislation preferable to 50 separate state laws, law enforcement has long voiced its opposition to encryption, claiming it would be more difficult to investigate or thwart terrorism and other crimes. Comey told the Senate Intelligence Committee Wednesday that authorities “still have one of those killer's phones that we have not been able to open," referring to the husband-wife terrorist team that shot numerous people in San Bernadino, Calif. Encryption, he said, is partly responsible for suspects “going dark” and adding to law enforcement's burden.

Security pros, by and large, have long held that the inclusion of back doors in products, even for the benefit of law enforcement, would compromise security in the long run. “Advancements in encryption will undoubtedly impact how the government fights crime and terrorism, but attempts to limit encryption domestically are impractical, create new cyber security vulnerabilities, and make it more difficult for U.S. companies to compete abroad,”

Daniel Castro, vice president of the Information Technology and Innovation Foundation (ITIF), said in comments emailed to SCMagazine.com. “The United States should be embracing strong encryption, not trying to cripple it.”

Castro reiterated that the U.S. needs a uniform policy, noting that the digital economy transcends state lines, and U.S. policy should as well. If states go their own way on encryption policy, it would fragment the U.S. market and interfere with digital commerce.”